|
|
The survey, "In the Dark: Critical Industries Confront Cyberattacks" conducted by the Center for Strategic and International Studies and sponsored by McAfee surveyed 200 electricity executives from 14 countries (Australia, Brazil, China, France, Germany, India, Italy, Japan, Mexico, Russia, Spain, UAE/Dubai, United States).
Drawing a quick summary of the report, nine out of 10 Australian respondents believe their sector is not at all or not very prepared for stealthy network infiltration and 50 percent are not prepared to deal with large-scale denial of service attacks. Further, the rate of security adoption is significantly trailing behind the rate at which threats are growing.
More seriously, the report notes, "Twenty-five percent of critical infrastructure companies do not interact with the government on cybersecurity and network defense matters."
Following on from last year's inaugural report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwar," the new report concludes that "while the threat level to these infrastructures has accelerated, the response level has not, even after the majority of respondents frequently found malware designed to sabotage their systems (approximately 75 percent), and nearly half of respondents in the electric industry sector reported that they found Stuxnet on their systems."
Further highlights on the next page.
|
Organisations failing to adopt effective security: Sophisticated security measures placed upon offsite users are in the minority, with only about a quarter of those surveyed implementing tools to monitor network activity, and only about 26 percent use tools to detect role anomalies.
Security conscious countries: Brazil, France and Mexico are lagging in their security measures, adopting only half as many security measures as leading countries China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries.
Organisations fear government attacks: More than half of respondents say that they have already suffered from government attacks. Australian respondents viewed Russia as a major concern in developing cyber attacks, followed by China
"The threat of cyberattacks to critical infrastructure industries has grown in the past year, but the level of response has not. Organisations need to adopt effective security measures to ensure that they are prepared to deal with cyberattacks which can result in large scale service denials and cripple essential services. Cyberextortion is now big business and cybercriminals are threatening blackouts," said Michael Sentonas, Chief Technology Officer, McAfee Asia Pacific.
Ignoring fakes and hoaxes of course.
"There has been a very large government focus on Critical Infrastructure Protection in Australia. The growing sense of unpreparedness is the result of more understanding of the threat because of a big education effort for executives by the government," said Ajoy Ghosh, Chief Information Security Officer at Logica Australia.
Citing the respect for government controls over the widening role of so-called electrical "smart grids," the report quotes Jim Woolsey, former United States Director of Central Intelligence: "Ninety to ninety-five percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check."
It seems the "just get it done" attitude is alive and well.
The report is an extensive insight into security in the critical infrastructure industry. We recommend you read it. Closely.
